Skip to content

[palo-alto-cortex-xsoar] feat(collector): create XSOAR collector (#301)#348

Open
mariot wants to merge 10 commits into
mainfrom
feature/301-create-palo-alto-xsoar
Open

[palo-alto-cortex-xsoar] feat(collector): create XSOAR collector (#301)#348
mariot wants to merge 10 commits into
mainfrom
feature/301-create-palo-alto-xsoar

Conversation

@mariot
Copy link
Copy Markdown
Member

@mariot mariot commented Apr 28, 2026

Proposed changes

Testing Instructions

  1. Step-by-step how to test
  2. Environment or config notes

Related issues

Checklist

  • I consider the submitted work as finished
  • I tested the code for its functionality
  • I wrote test cases for the relevant uses case
  • I added/update the relevant documentation (either on github or on notion)
  • Where necessary I refactored code to improve the overall quality
  • For bug fix -> I implemented a test that covers the bug

Further comments

@mariot mariot requested review from Kakudou, guzmud and jabesq April 28, 2026 09:23
@mariot mariot self-assigned this Apr 28, 2026
@mariot mariot added filigran team use to identify PR from the Filigran team feature use for describing a new feature to develop collector: palo alto cortex XSOAR labels Apr 28, 2026
@mariot mariot changed the title [palo-alto-cortex-xsoar] feature(core): create collector (#301) [palo-alto-cortex-xsoar] feat(collector): create XSOAR collector (#301) Apr 28, 2026
@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 28, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 98.64371% with 26 lines in your changes missing coverage. Please review.
✅ Project coverage is 77.10%. Comparing base (9754909) to head (715f894).

Files with missing lines Patch % Lines
palo-alto-cortex-xsoar/tests/test_collector.py 91.60% 12 Missing ⚠️
palo-alto-cortex-xsoar/src/collector/models.py 90.56% 5 Missing ⚠️
...-cortex-xsoar/src/models/settings/config_loader.py 91.30% 2 Missing ⚠️
palo-alto-cortex-xsoar/src/services/converter.py 87.50% 2 Missing ⚠️
...lo-alto-cortex-xsoar/src/services/trace_service.py 96.96% 2 Missing ⚠️
palo-alto-cortex-xsoar/src/models/incident.py 97.22% 1 Missing ⚠️
palo-alto-cortex-xsoar/tests/conftest.py 97.91% 1 Missing ⚠️
palo-alto-cortex-xsoar/tests/factories.py 97.91% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #348      +/-   ##
==========================================
+ Coverage   71.01%   77.10%   +6.09%     
==========================================
  Files         128      165      +37     
  Lines        6775     8692    +1917     
==========================================
+ Hits         4811     6702    +1891     
- Misses       1964     1990      +26

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@mariot mariot force-pushed the feature/301-create-palo-alto-xsoar branch 3 times, most recently from 6cf130c to 11e31c3 Compare April 28, 2026 12:06
guzmud
guzmud reviewed Apr 28, 2026
View reviewed changes
Comment thread palo-alto-cortex-xsoar/src/models/incident.py Outdated
Comment thread palo-alto-cortex-xsoar/src/services/utils/trace_builder.py Outdated
Comment thread palo-alto-cortex-xsoar/src/services/utils/trace_builder.py
Comment thread palo-alto-cortex-xsoar/src/services/client_api.py Outdated
Comment thread palo-alto-cortex-xsoar/src/models/settings/palo_alto_cortex_xsoar_configs.py Outdated
guzmud
guzmud reviewed Apr 29, 2026
View reviewed changes
Comment thread palo-alto-cortex-xsoar/src/models/incident.py Outdated
guzmud
guzmud reviewed May 6, 2026
View reviewed changes
Comment thread palo-alto-cortex-xsoar/src/services/client_api.py Outdated
@guzmud
Copy link
Copy Markdown
Member

guzmud commented May 6, 2026
edited
Loading

Unless I'm mistaken, the API rate-limit responses leading to a backoff and retry is missing from the codebase (US.3 Error Handling & Resilience, AC-3.1, part of chunk 5 Hardening & Delivery).

Edit: handled by including the HTTP error 429 in the retry/backoff system

@guzmud guzmud force-pushed the feature/301-create-palo-alto-xsoar branch from 87fe716 to 1caf077 Compare May 6, 2026 09:59
Kakudou
Kakudou requested changes May 11, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@Kakudou Kakudou left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mostly QoL, so i will conduct the execution/usage tests of the collector while waiting for those small fixes ;)

Comment thread palo-alto-cortex-xsoar/src/services/utils/signature_extractor.py Outdated
Comment thread palo-alto-cortex-xsoar/src/services/alert_fetcher.py
Comment thread palo-alto-cortex-xsoar/src/services/client_api.py Outdated
@guzmud guzmud force-pushed the feature/301-create-palo-alto-xsoar branch from 31e9405 to 715f894 Compare May 11, 2026 14:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@guzmud guzmud guzmud left review comments

@Kakudou Kakudou Kakudou requested changes

@jabesq jabesq Awaiting requested review from jabesq

Requested changes must be addressed to merge this pull request.

Assignees

@mariot mariot

Labels

collector: palo alto cortex XSOAR feature use for describing a new feature to develop filigran team use to identify PR from the Filigran team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Palo Alto XSOAR] Create the collector

4 participants

@mariot @guzmud @Kakudou @ncarenton